Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/07/2024, 22:50

General

  • Target

    604c8b4f2f82e016cff74ebc4a359e34_JaffaCakes118.dll

  • Size

    184KB

  • MD5

    604c8b4f2f82e016cff74ebc4a359e34

  • SHA1

    4f2b3c4f11d3e01d9565c13e1636113d2062e4ae

  • SHA256

    adb5aecc46f0bceb86e6498d3fd873fc6ab501247521bea529b4a8c9df84ca02

  • SHA512

    3e944f4a4fd19f32862be8b4ffa3533a3b97aaa2b0dc91db1813133c8c0205379032da7c2a4c60dbe8810975501d707fe74bdf8fdf83f8683bc7b2d71ae77ef6

  • SSDEEP

    3072:TQHKEPyt1uHPMetkxLTxXOuMh1Vgax51ClVyr0sxQVO1nhssEvx0fdvAP:Tumt1uHPMe6LTRzMh1eC1CCW8+nvmfp

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\604c8b4f2f82e016cff74ebc4a359e34_JaffaCakes118.dll,#1
    • Drops file in Drivers directory
    • Sets service image path in registry
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    PID:3928

Network

MITRE ATT&CK Enterprise v15
